Add rel ="noreferrer noopener" to external links by default as a privacy & security measure

Adding noopener tag to rel attribute is a must as a security measure.

noreferrer is somewhere in-between as a privacy measure. By default, the application can query the user agent’s DNT header and if DNT is checked it can add noreferrer tag to every external link on the page. And ideally it should be implemented in the backend if possible since some privacy-aware users disable JavaScript by default by using browser extensions such as NoScript.

Currently, I am using the following hack for my own blog. But like I said, not all users might be using JS.

// Make links in the articles open in a new tab & add "noreferrer noopener"
var post_links = document.querySelectorAll("article a");
for (let i = 0, tags = ["noreferrer", "noopener"]; i < post_links.length; i++) {
    if (post_links[i].href.startsWith("/")) {
        continue;
    }

    post_links[i].target = "_blank";

    for (const tag of tags) {
        if (!post_links[i].rel.includes(tag)) {
            post_links[i].rel += " " + tag;
        }
    }
}